home

counter-strike.exe

Counter Strike

Innovative Systems LLC

The application counter-strike.exe by Innovative Systems has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from counterstrike.joydownload.com.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Counter Strike

Version:
1.0.0.0

MD5:
622eb4b52d5417dc0056e8130c40042f

SHA-1:
a113af13cf3f2d66056f8c0e13d6a271c26e5f8d

SHA-256:
f6a81ec7e6ed36e87010baf0fa7afd267155d9f584f490e49b633415a2fe2b36

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
8/3/2025 11:41:39 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OpenCandy
2014.09.29

Avira AntiVirus
APPL/Downloader.Gen
7.11.174.252

avast!
Win32:Adware-gen [Adw]
2014.9-160209

AVG
Generic
2017.0.2838

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.1629

Clam AntiVirus
Win.Trojan.Agent-803351
0.98/21511

Comodo Security
UnclassifiedMalware
20441

Dr.Web
Adware.Downware.6712
9.0.1.040

ESET NOD32
Win32/JoyDownloader
10.10478

G Data
Win32.Adware.OpenCandy
16.2.24

K7 AntiVirus
Unwanted-Program
13.200.15259

Malwarebytes
PUP.Optional.OpenCandy
v2016.02.09.03

McAfee
Artemis!03F314BFCB9F
5600.6494

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.InnovativeSystems.Installer (M)
16.2.9.15

Sophos
Generic PUA IK
4.98

Trend Micro House Call
Suspici.218D75EB
7.2.40

Trend Micro
ADW_OPENCANDY
10.465.09

VIPRE Antivirus
Trojan.Win32.Generic
33502

File size:
546.5 KB (559,616 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\counter-strike.exe

Digital Signature
Signed by:
Innovative Systems LLC

Authority:
VeriSign, Inc.

Valid from:
5/19/2014 3:00:00 AM

Valid to:
5/20/2015 2:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 2:53:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aKcUWjHq6pjZVfXDYNVgay2BntpSLBCahaH8374fy7:mUWb/Z9zY/gay3LBCa4H8L4fE

Entry address:
0x333E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file counter-strike.exe has been seen being distributed by the following URL.

http://counterstrike.joydownload.com/get_file/wUiS4WnYccXGwj 8XPavWwllklY NSrUR12sJImRqIByrzyl93Yng44cJgTta7Hufyro0l8bOGWGCeinGL0yw6trh8yfDR7Vuz3zT0z2smm mf6SpN/SgzYD4cxy1kdJDXymDj91kcso y3zUSCTRrZOnpi9Y2JFerJxJRkFIa7lXTl1esTceVgwh LuFSw3P9yshbJyTXux8VDMlu01Xcave4GkbXtO3sSvFqounBcHq9Gpn1O7ZKx/.../ZW0o8 imHhBz3Un1iZkRUW lRFSo9ojvhAUmNGCH4T4G1oDZMXnl

Remove counter-strike.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.